Closed
Bug 1488161
Opened 7 years ago
Closed 6 years ago
Review / Investigation: Figure out how hard it is to XSS through Readability
Categories
(Firefox Graveyard :: Security: Review Requests, task, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: freddy, Assigned: freddy)
Details
(Whiteboard: audit)
Many of our projects use Readability to extract content from a DOM (e.g., reader mode, email tabs testpilot add-on).
Our projects generally do not rely on Readability to produce safe HTML and use their own sanitizers. However, it would still be valuable to take a closer look at the library to see how feasible it is to get an XSS through Readability.
Could maybe use some fuzzing with something like https://github.com/mozfreddyb/escape-artist/
Updated•7 years ago
Whiteboard: testing
Updated•6 years ago
Whiteboard: testing → audit
Updated•6 years ago
Priority: -- → P3
Updated•6 years ago
Type: defect → task
Comment 1•6 years ago
I doubt this will need a written review summary, so closing as resolved/fixed. Further work will happen in the depending bug.
Assignee: nobody → fbraun
Depends on: 1565931
Comment 2•6 years ago
(In reply to Frederik Braun [:freddyb] from comment #1)
I doubt this will need a written review summary, so closing as resolved/fixed. Further work will happen in the depending bug.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Updated•5 years ago
Product: Firefox → Firefox Graveyard